domcrypt
One keypair per domain?
Currently, only one keypair is stored per profile. Any page could trigger window.mozCipher.pk.generateKeyPair and thus overwrite the stored key, meaning that the user will lose access to whatever encrypted data had previously been encrypted under the user's public key.
Does it make sense to instead store one keypair for each domain, thereby restricting write access to the keypair?
(How does the Web Crypto API intend to deal with this?)
nulltxt handles this better: you can create as many keypairs per domain as you would like; each is accessed via a unique ID.
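
A small model of the two storage policies discussed in this thread, added here as an example and not taken from DOMCrypt or nulltxt: `ProfileKeyStore`, `OriginKeyStore` and the `*.example` origins are hypothetical, and the origin is passed explicitly where a browser would derive it from the calling page. It shows that a second page's key generation makes the first page's ciphertext unreadable under the single-slot policy, but not under per-origin, per-ID storage.

```javascript
// Added illustration: hypothetical models, not DOMCrypt or nulltxt code.
// The origin is an explicit argument here; a browser would take it from the caller.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomUUID } = require('node:crypto');

const newKeyPair = () => generateKeyPairSync('rsa', { modulusLength: 2048 });
const SITE_A = 'https://a.example', SITE_B = 'https://b.example'; // constructed origins

// Policy described in the issue: one slot per profile, writable by any page.
class ProfileKeyStore {
  generateKeyPair(_origin) {
    this.pair = newKeyPair(); // silently replaces the earlier key
    return this.pair.publicKey;
  }
  decrypt(_origin, ciphertext) { return privateDecrypt(this.pair.privateKey, ciphertext); }
}

// Proposed policy: keys namespaced by origin, each addressed by a fresh ID.
class OriginKeyStore {
  constructor() { this.byOrigin = new Map(); }
  generateKeyPair(origin) {
    if (!this.byOrigin.has(origin)) this.byOrigin.set(origin, new Map());
    const id = randomUUID(), pair = newKeyPair();
    this.byOrigin.get(origin).set(id, pair); // new ID, never an overwrite
    return { id, publicKey: pair.publicKey };
  }
  decrypt(origin, id, ciphertext) {
    const pair = this.byOrigin.get(origin)?.get(id);
    if (!pair) throw new Error(`no key ${id} for ${origin}`);
    return privateDecrypt(pair.privateKey, ciphertext);
  }
}

// Site A encrypts a note, then unrelated site B generates a key. Can A still read it?
function profileStoreSurvives() {
  const store = new ProfileKeyStore();
  const ct = publicEncrypt(store.generateKeyPair(SITE_A), Buffer.from('note'));
  store.generateKeyPair(SITE_B);
  try { return store.decrypt(SITE_A, ct).toString() === 'note'; } catch { return false; }
}

function originStoreSurvives() {
  const store = new OriginKeyStore();
  const a = store.generateKeyPair(SITE_A);
  const ct = publicEncrypt(a.publicKey, Buffer.from('note'));
  store.generateKeyPair(SITE_B);
  let crossOriginRead = true; // can site B use site A's key ID?
  try { store.decrypt(SITE_B, a.id, ct); } catch { crossOriginRead = false; }
  return { readable: store.decrypt(SITE_A, a.id, ct).toString() === 'note', crossOriginRead };
}
```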